cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

VLAN assignment for voice-vlan after successfull MAB authentication (ISE)

Comes here often

VLAN assignment for voice-vlan after successfull MAB authentication (ISE)

We use Cisco ISE for authentication off all our devices in the network. We also uses VOIP phones with MAB authentication. After authentication the phone must be switched to the voice-vlan-40 (also using LLDP/CDP)

 

I need the special AP-pairs from Cisco ISE to set this VLAN.

 

Does anyone can help me?

 

voice.JPG

6 REPLIES 6
Highlighted
Kind of a big deal

Re: VLAN assignment for voice-vlan after successfull MAB authentication (ISE)

Comes here often

Re: VLAN assignment for voice-vlan after successfull MAB authentication (ISE)

.....

Comes here often

Re: VLAN assignment for voice-vlan after successfull MAB authentication (ISE)

Thanks, but this is only ment for regular VLAN assignment, I'm looking for voice-vlan assignment which is different.
Kind of a big deal

Re: VLAN assignment for voice-vlan after successfull MAB authentication (ISE)

An approach I have used (very sucesffully) in the past is to assign the VLANs on the switch and only use 802.1x for authentication.  You can still override the data VLAN for the user.

 

This may not quite be what you want - but this works.

 

1.PNG

Kind of a big deal

Re: VLAN assignment for voice-vlan after successfull MAB authentication (ISE)

You can refer to this document for the allow attributes:

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/Tagging_Client_VLANs_with_RADIUS_...

 

The attribute for the data vlan is:

Tunnel-Private-Group-ID

A model citizen

Re: VLAN assignment for voice-vlan after successfull MAB authentication (ISE)

Voice VLAN / VLAN recognition is working independ of 802.1x RADIUS.

The switch puts the IP-phones automatically to the voice VLAN in my networks. PC´s connected to the phones are running into the user VLAN.

 

 

 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.